Security+ Objectives 1.5

Brittany Morris
1 min read · Jan 2, 2021


1.5 Explain vulnerability scanning concepts.

  • Passively test security controls — A passive test scans for vulnerabilities and does not attempt to exploit any. It is a passive attempt to identify weaknesses, which ensures that the testing does not interfere with normal operations.
  • Identify vulnerability — This is the portion where you look for known vulnerabilities. These can also be cross-referenced with the Common Vulnerabilities and Exposures (CVE) list.
  • Identify lack of security controls — Here you are looking for missing security controls, such as the lack of up-to-date patches or the lack of antivirus software.
  • Identify common misconfigurations — This includes open ports, weak passwords, default accounts and passwords, sensitive data, and security/configuration errors.
  • Intrusive vs non-intrusive — These terms apply to penetration testing. Intrusive testing can potentially disrupt the operations of a system. Non-intrusive testing will not compromise a system. Intrusive testing is invasive, whereas non-intrusive testing is non-invasive.
  • Credentialed vs non-credentialed — A credentialed vulnerability scan is typically run by security administrators with higher-level permissions and provides a more accurate scan. A non-credentialed scan is commonly run by attackers until they have used privilege escalation to gain the information needed to run a credentialed scan.
  • False Positive — An alert on an event that isn’t a security incident. In the case of vulnerability scanning, this would be a scan indicating that it detected a vulnerability that does not exist.
